Lawsuit alleging Gmail ads are “wiretapping” gets judge’s OK

Non-Gmail users never agreed to have their e-mail scanned, lawyers say.

It's widely understood that the ads Google puts in Gmail are based on the content of e-mails. The millions of Gmail users presumably accept the company's promise that "no humans read your e-mail."

Despite that, a lawsuit claiming that Google's practice violates pre-Internet anti-wiretapping laws will be going forward. Lawyers representing non-Gmail users of various stripes in a class-action lawsuit say their clients never agreed to have their e-mails intercepted and scanned by Google. They argue that Google's "interception" of those e-mails violates federal anti-wiretapping laws and state privacy laws. And today, US District Judge Lucy Koh agreed with them, refusing to grant Google's motion to dismiss the case.

Even an e-mail sender who read the company's privacy policies "would not have necessarily understood that her e-mails were being intercepted to create user profiles or to provide targeted advertisements," stated the judge. The plaintiffs in this case haven't consented implicitly or explicitly to have their e-mails scanned, and so the lawsuit can move forward, she ruled.

Some of the plaintiffs do use Google mail, but they're not free Gmail users, who would have agreed to Google's ad-scanning terms when they signed up. Rather, they're users of non-ad-based e-mail, including some of Google's own paid services, like Google Apps for Education. Those users of non-Gmail services didn't agree to get their e-mails scanned by the service, their lawyers argued.

The proposed classes of plaintiffs—and there are several—are potentially huge. One includes "all US citizen non-Gmail users who have sent a message to a Gmail user and received a reply or received an e-mail from a Gmail user."

No, really, they’re all cool with it

In its defense, Google said that those users gave "implied consent" to Gmail's business practices when they chose to e-mail Gmail users. "Google's theory is that all e-mail users understand and accept the fact that e-mail is automatically processed," not just for advertising but for things like spam filtering, which is vital to running a modern e-mail service. In its motion to dismiss, Google described this class action lawsuit as an attempt to "criminalize ordinary business practices" that were nearly a decade old.

Koh didn't buy it. Google's theory that non-Gmail users had offered "implied consent" when they shot off an e-mail to a Gmail user would "eviscerate the rule against interception," she wrote.

Even for users who may have read some company policies, Koh found that Google's disclosures were lacking. They suggest that Google ads "were based on information 'stored on the services' or 'queries made through the Services'—not information in transit via e-mail," she wrote. Google also doesn't disclose that it uses e-mails to build "user profiles," not only to serve up the immediate advertisements.

Google did succeed in getting certain state law claims thrown out of the lawsuit, including claims under Pennsylvania law and some California state law claims.

The search giant hasn't lost this lawsuit—there's a long way to go. The plaintiffs have a lot of work ahead of them, including getting their case accepted as a class action. The fact that Google wasn't able to knock the case out on a motion to dismiss does increase the chances of a settlement, but it seems likely Google will fight tooth-and-nail on an issue like this. The company is already fighting hard against an adverse ruling that anti-wiretapping laws apply to its Wi-Fi data collection screwup. It suffered that ruling at an appeals court earlier this month and has asked for it to be reconsidered.

One user of an academic email system powered by Google told Ars he agreed with at least some of the sentiment of the lawsuit, in that Google hadn't fully disclosed how it was using emails it distributed.

"Here at Berkeley, I repeatedly asked both lawyers and engineers whether our gMail-powered email system, bMail, would profile students," said UC Berkeley law prof Chris Hoofnagle in an email to Ars. "They said there would be no ads, but would not make a writing about other data mining of bMail content. We certainly did not consent to all of this, and in retrospect, I feel (as a relatively sophisticated player in this field) misled by the Google people."

249 Reader Comments

Really? Are you using a patent filing as proof that Google makes profiles of non Gmail users that has sent emails to Gmail users?

The patent, filed shortly before Gmail’s introduction by the lead developer of Gmail, along with the designer of the AdSense profiling and Gmail spam filtering algorithms, describes explicitly how a service like Gmail would build such profiles.

But I suppose it’s almost impossible to “prove”, except anecdotally. I know that doesn’t meet the official Internet Comment Section Proof Standards.

Really? Are you using a patent filing as proof that Google makes profiles of non Gmail users that has sent emails to Gmail users?

The patent, filed shortly before Gmail’s introduction by the lead developer of Gmail, along with the designer of the AdSense profiling and Gmail spam filtering algorithms, describes explicitly how a service like Gmail would build such profiles.

But I suppose it’s almost impossible to “prove”, except anecdotally. I know that doesn’t meet the official Internet Comment Section Proof Standards.

If they are doing email profiling as well, then to get any economic benefit out of it they need to advertise that fact. Otherwise, they can't profit from it.

No, you do not need to advertise a business method to profit from it so your reasoning is based on an obvious logical fallacy. In fact, some business methods depend greatly on secrecy to maintain their utility to generate profits.

That doesn't say anything about e-mail at all, because it's about something completely different: how Google uses cookie data gathered from ads shown on third party sites.

You asked for how Google advertises its ad targetting, and I have provided it.

That doesn't say anything about email at all because, apparently, google ads targetted to 'interests' don't use email profiling. Instead it says they get their demographic data using cookie data from ads on third party sites, augmented perhaps by Google Account profile data. If I was an advertiser, I'd know what I'd be paying for.

If you say that google is selling third party email profiling as a service to advertisers, the onus is on you to find where they are accepting money for this service. I don't trust google's 'Don't Be Evil'. I do however trust that they know how to run a business, and your insistence that they are keeping a (allegedly) high profitable product secret and unadvertised makes no business sense.

Really? Are you using a patent filing as proof that Google makes profiles of non Gmail users that has sent emails to Gmail users?

The patent, filed shortly before Gmail’s introduction by the lead developer of Gmail, along with the designer of the AdSense profiling and Gmail spam filtering algorithms, describes explicitly how a service like Gmail would build such profiles.

But I suppose it’s almost impossible to “prove”, except anecdotally. I know that doesn’t meet the official Internet Comment Section Proof Standards.

If they are doing email profiling as well, then to get any economic benefit out of it they need to advertise that fact. Otherwise, they can't profit from it.

No, you do not need to advertise a business method to profit from it so your reasoning is based on an obvious logical fallacy. In fact, some business methods depend greatly on secrecy to maintain their utility to generate profits.

They are generally referred to as "trade secrets".

Targetting ads at email senders is not a 'business method'. It's a *product*.

No, because they don't extract and save message content. Also, a large amount of spam filtering can be done from the headers alone. No one, outside of Google, really know what Google does with email content.

The best fix for this would be end-to-end email encryption by default.

If you send an email to a Gmail server, I'm pretty sure there's implied consent there that the server can read and process the contents of that email.

I can understand an argument being mounted about the privacy implications of Google's automatic profile-generation. But does that really constitute wiretapping, when the data was specifically transmitted to Google's mail servers in the first place? It seems a stretch to me.

Once you send the e-mail, you give up right to privacy. It's no different from any other form of communication. If you send someone a letter, that letter can be legally published or shared with others, if the recipient chooses to do so. If you leave someone a voicemail, or call someone and they choose to record you secretly (which they can do, since one of the parties is aware of the recording), they can choose to publish or share those recordings. In this case, the recipient agreed to share the contents of their email with Google when they signed up for the service.

Careful... the "one party consent" rule for recording a conversation depends on the state. Some require both parties to consent. [/pedantic side note]

Doesn't Facebook do this to any website that has their icon on it? Why is it always Google getting hammered for doing things that everyone else seems to be doing?

'Cos while facebook has like icons plastered all over the web the only change you see is inside the walled garden that is facebook. Google on the other hand uses their information to target adverts across the web.

Its still wiretapping whether or not they do the same things with the information. Collecting is collecting.

Doesn't Facebook do this to any website that has their icon on it? Why is it always Google getting hammered for doing things that everyone else seems to be doing?

'Cos while facebook has like icons plastered all over the web the only change you see is inside the walled garden that is facebook. Google on the other hand uses their information to target adverts across the web.

Its still wiretapping whether or not they do the same things with the information. Collecting is collecting.

apart from the fact that everyone that is inside the facebook walled garden has consented by having an account. And you can't click the like button without an account.

Doesn't Facebook do this to any website that has their icon on it? Why is it always Google getting hammered for doing things that everyone else seems to be doing?

'Cos while facebook has like icons plastered all over the web the only change you see is inside the walled garden that is facebook. Google on the other hand uses their information to target adverts across the web.

Its still wiretapping whether or not they do the same things with the information. Collecting is collecting.

apart from the fact that everyone that is inside the facebook walled garden has consented by having an account. And you can't click the like button without an account.

Facebook also collects information on people who do not have accounts without their consent, and for the non technical, knowledge either.

Don't you only need one party's consent to get around the wiretap laws? It doesn't matter if the non Gmail user didn't consent so long as the receiving Gmail user did.

On a federal level, no idea. On a state level, most state wiretapping laws require the consent of both individuals. I believe that may also be the case for federal wiretapping.

Why wouldn't it require the consent of all involved. If you are secretly recording conversations I am having with you, wouldn't most resonable people consider that wiretapping (this was what came out of the Clinton scandal with Monica Lewinski and Linda Tripp as Tripp was secertly recording phone calls with Lewinski. She was charged later under MD wiretapping laws, I believe it didn't fall under federal wiretapping laws I think because it only occured within the state?)

To me personally it gets down to an expectation of privacy. If I am having a conversation with you, I feel that I should have some level of expectation of privacy in my conversation unless you are telling me explicitly otherwise. I understand its limited to a degree, because you could go tell Sally what I said...but to my mind there is a difference between telling Sally something I said to you (2nd hand) and handing her a tape of our conversation. On the other hand, an email, letter of voice mail message I personally believe I have less of an expectation of privacy because I fully realize you could just hand that to Sally for her to read/listen to.

My personal 2 cents, not that laws often line up with my personal views.

Don't you only need one party's consent to get around the wiretap laws? It doesn't matter if the non Gmail user didn't consent so long as the receiving Gmail user did.

On a federal level, no idea. On a state level, most state wiretapping laws require the consent of both individuals. I believe that may also be the case for federal wiretapping.

Why wouldn't it require the consent of all involved. If you are secretly recording conversations I am having with you, wouldn't most resonable people consider that wiretapping (this was what came out of the Clinton scandal with Monica Lewinski and Linda Tripp as Tripp was secertly recording phone calls with Lewinski. She was charged later under MD wiretapping laws, I believe it didn't fall under federal wiretapping laws I think because it only occured within the state?)

To me personally it gets down to an expectation of privacy. If I am having a conversation with you, I feel that I should have some level of expectation of privacy in my conversation unless you are telling me explicitly otherwise. I understand its limited to a degree, because you could go tell Sally what I said...but to my mind there is a difference between telling Sally something I said to you (2nd hand) and handing her a tape of our conversation. On the other hand, an email, letter of voice mail message I personally believe I have less of an expectation of privacy because I fully realize you could just hand that to Sally for her to read/listen to.

My personal 2 cents, not that laws often line up with my personal views.

Varies by state.

The argument for single-party consent basically revolves around the concept that you obviously weren't trying to keep the information secret from the other party, so why shouldn't they be able to record it? The answer often ends up being "I was willing to say it, but I don't like that he can prove I said it".

If you send an email to a Gmail server, I'm pretty sure there's implied consent there that the server can read and process the contents of that email.

I can understand an argument being mounted about the privacy implications of Google's automatic profile-generation. But does that really constitute wiretapping, when the data was specifically transmitted to Google's mail servers in the first place? It seems a stretch to me.

I wouldn't agree there is implied consent.

Let's use the snail version for comparison.

Mail is sent to Post Office > Post Office reads address information and shuffles it off to Addressee

versus

Mail is sent to Post Office > Post Office reads entire letter, jots down Addressor's name, the Addressee's name, and all relevent facts about you it can glean from the letter and then shuffles it off to Addressee.

The data was sent to Google's servers as a relay to the end destination. Unauthorized interception at any point by any party without appropriate legal basis is wiretapping.

I suppose I should thank you because I was actually thinking this was a load of crap till I read your post and decided to question your assumptions.

If you send an email to a Gmail server, I'm pretty sure there's implied consent there that the server can read and process the contents of that email.

I can understand an argument being mounted about the privacy implications of Google's automatic profile-generation. But does that really constitute wiretapping, when the data was specifically transmitted to Google's mail servers in the first place? It seems a stretch to me.

I wouldn't agree there is implied consent.

Let's use the snail version for comparison.

Mail is sent to Post Office > Post Office reads address information and shuffles it off to Addressee

versus

Mail is sent to Post Office > Post Office reads entire letter, jots down Addressor's name, the Addressee's name, and all relevent facts about you it can glean from the letter and then shuffles it off to Addressee.

The data was sent to Google's servers as a relay to the end destination. Unauthorized interception at any point by any party without appropriate legal basis is wiretapping.

I suppose I should thank you because I was actually thinking this was a load of crap till I read your post and decided to question your assumptions.

Terrible comparison.

Is it illegal for my secretary to open and sort my mail for me? What if you don't know I have a secretary opening/reading my mail?

Mail is sent to Post Office > Post Office reads entire letter, jots down Addressor's name, the Addressee's name, and all relevent facts about you it can glean from the letter and then shuffles it off to Addressee.

What about,

Mail is sent to your office > your secretary with your consent reads entire letter, jots down Addressor's name, and all relevant facts about the letter she can glean, and then shuffles it off to you.

Seeing you have to travel to address a meeting mentioned in that letter, she stamps a post it on it to remember you where to buy flight and booking if you happen to go to the meeting - targeted advertising oh my !!!

Only allowing Google's processing to take place on emails that are opened would eliminate virus and spam filtering.

I meant for the purposes of advertising only. These days it's reasonable to assume that your e-mail will pass through virus scans and spam-filters as spam and viruses are simply too much of a problem for it to be otherwise.

Spam and virus filtering is a bit more well known, in that they shouldn't use the contents of the mail for anything except to run their pattern matching upon and maybe to locally improve their pattern matching in future. But advertising is less clear; while I expect Google's system functions little differently from their other targeted advertising (compiles a bunch of keywords with priorities and pick ads that seem to match) but it's much more of an unknown. It's not just about Google's system, but about other similar services as well that may be using other methods to handle targeted advertising.

I suppose the main distinction is that spam and virus filters are obvious features that benefit the e-mail recipient and is therefore of interest to them (whether they're aware of it or not) so "reading" the e-mails in that case is justified for providing direct benefit to the service. While advertising is used to support the service, as a feature it's really for Google's own interests, which makes it "reading" the e-mails for their own ends, not the user's.

At least if that was only happening when e-mails are opened then it would demonstrate some kind of intent (provided the user is made aware of this), plus it benefits Google to a degree as there's not much point in them processing e-mails the user choose not to read, or junks/deletes within a given time period. I dunno, it just seems like there are less controversial ways for Google to do this, without seemingly invading the user's privacy.

Only allowing Google's processing to take place on emails that are opened would eliminate virus and spam filtering.

I meant for the purposes of advertising only. These days it's reasonable to assume that your e-mail will pass through virus scans and spam-filters as spam and viruses are simply too much of a problem for it to be otherwise.

Spam and virus filtering is a bit more well known, in that they shouldn't use the contents of the mail for anything except to run their pattern matching upon and maybe to locally improve their pattern matching in future. But advertising is less clear; while I expect Google's system functions little differently from their other targeted advertising (compiles a bunch of keywords with priorities and pick ads that seem to match) but it's much more of an unknown. It's not just about Google's system, but about other similar services as well that may be using other methods to handle targeted advertising.

I suppose the main distinction is that spam and virus filters are obvious features that benefit the e-mail recipient and is therefore of interest to them (whether they're aware of it or not) so "reading" the e-mails in that case is justified for providing direct benefit to the service. While advertising is used to support the service, as a feature it's really for Google's own interests, which makes it "reading" the e-mails for their own ends, not the user's.

At least if that was only happening when e-mails are opened then it would demonstrate some kind of intent (provided the user is made aware of this), plus it benefits Google to a degree as there's not much point in them processing e-mails the user choose not to read, or junks/deletes within a given time period. I dunno, it just seems like there are less controversial ways for Google to do this, without seemingly invading the user's privacy.

I see what you're getting at, but find it hard to see that there's a legal distinction between those various rationale's for scanning your email, whereby one scan would be legal and the other would be wiretapping.

But, also, this whole lawsuit isn't about the Google user, who presumably has agreed to a "deal" with Google allowing the scanning. The lawsuit is about the non-Google user who is emailing something to a Google user. As someone above indicated, if you send me an email, that's not your email anymore. That's my email. And if I decide to let Google scan it, that's no longer any of your business.

Only allowing Google's processing to take place on emails that are opened would eliminate virus and spam filtering.

I meant for the purposes of advertising only. These days it's reasonable to assume that your e-mail will pass through virus scans and spam-filters as spam and viruses are simply too much of a problem for it to be otherwise.

Spam and virus filtering is a bit more well known, in that they shouldn't use the contents of the mail for anything except to run their pattern matching upon and maybe to locally improve their pattern matching in future. But advertising is less clear; while I expect Google's system functions little differently from their other targeted advertising (compiles a bunch of keywords with priorities and pick ads that seem to match) but it's much more of an unknown. It's not just about Google's system, but about other similar services as well that may be using other methods to handle targeted advertising.

I suppose the main distinction is that spam and virus filters are obvious features that benefit the e-mail recipient and is therefore of interest to them (whether they're aware of it or not) so "reading" the e-mails in that case is justified for providing direct benefit to the service. While advertising is used to support the service, as a feature it's really for Google's own interests, which makes it "reading" the e-mails for their own ends, not the user's.

At least if that was only happening when e-mails are opened then it would demonstrate some kind of intent (provided the user is made aware of this), plus it benefits Google to a degree as there's not much point in them processing e-mails the user choose not to read, or junks/deletes within a given time period. I dunno, it just seems like there are less controversial ways for Google to do this, without seemingly invading the user's privacy.

The feature advertising supplies, as you yourself note, is paying for the very service you're using. If you don't want an ad supported one, you can go pay for it, at which point you don't get ads. The trade off is very clear.

It's irrelevant to the lawsuit, however, because neither spam filtering, virus scanning, or advertising is to the benefit of the sender, who is the person supposedly represented by this suit. So we have services accessing mail content, with no benefit to the sender: there's no real distinction there.

Meanwhile it doesn't really matter, because you handed off this email to someone to do with as they will. Maybe they stand up at the workplace and read each email they receive aloud. You might be able to get a copyright claim out of that (it would be tough, though), but no wiretap claim.

If you send an email to a Gmail server, I'm pretty sure there's implied consent there that the server can read and process the contents of that email.

I can understand an argument being mounted about the privacy implications of Google's automatic profile-generation. But does that really constitute wiretapping, when the data was specifically transmitted to Google's mail servers in the first place? It seems a stretch to me.

I wouldn't agree there is implied consent.

Let's use the snail version for comparison.

Mail is sent to Post Office > Post Office reads address information and shuffles it off to Addressee

versus

Mail is sent to Post Office > Post Office reads entire letter, jots down Addressor's name, the Addressee's name, and all relevent facts about you it can glean from the letter and then shuffles it off to Addressee.

The data was sent to Google's servers as a relay to the end destination. Unauthorized interception at any point by any party without appropriate legal basis is wiretapping.

I suppose I should thank you because I was actually thinking this was a load of crap till I read your post and decided to question your assumptions.

I'm surprised that no one has mentioned yet that there are services that receive your email for you, open it, scan it, and then email you the scan. Ars even covered one of them.

Those are legal exactly because there is an "appropriate legal basis". You hired them to open your mail for you. The people sending you mail have even less of a chance of telling that you use one of these services than if you use gmail, and yet there's no problem there.

Hopefully this dies a short death, but with this latest ruling, it seems it may go to jury now...

It bothers me that Google builds a detailed profile of me based on the messages I send to their users.

Can you point where this has been proven?

For example, Google’s US patent #20040059712, section [0071] through [0075].

That it's patented doesn't mean they are doing it. Google has made explicit statements that they *don't* do so.

You both are misunderstanding the patent and the sections quoted. All what you quoted from that patent states is the blatantly obvious - what people send you is what google makes a profile of for you, the gmail user. If I get a lot of newegg promo emails, I might (and have) gotten a blurb about Micron Crucial memory.

It says nothing of the sort that it makes that profile for the sender itself. Heck, I don't even see the ads anymore in the web interface unless I go to the promotion email tab!

The data was sent to Google's servers as a relay to the end destination. Unauthorized interception at any point by any party without appropriate legal basis is wiretapping.

I suppose I should thank you because I was actually thinking this was a load of crap till I read your post and decided to question your assumptions.

Hopefully this dies a short death, but with this latest ruling, it seems it may go to jury now...[/quote]

Along with these ridiculous debates.Contracting for a service ISNT a crime and cant be held to be if the work performed is what was contracted. Parsing information via computerised technology email HEADERS for ANTISPAM or ANTIVIRUS/ MALWARE is an established facet. They probably record every root address it comes from; less where it goes to; unless relays are involved and both end up in the process as a loop/trojan host.Parsing private email content to deliver advertising, an 'agreed' but no reward process to the Gmail account user, but no-one else has given permission to read, copy or maintain access to those private communications. That simple?

The data was sent to Google's servers as a relay to the end destination. Unauthorized interception at any point by any party without appropriate legal basis is wiretapping.

I suppose I should thank you because I was actually thinking this was a load of crap till I read your post and decided to question your assumptions.

Hopefully this dies a short death, but with this latest ruling, it seems it may go to jury now...

Along with these ridiculous debates.Contracting for a service ISNT a crime and cant be held to be if the work performed is what was contracted. Parsing information via computerised technology email HEADERS for ANTISPAM or ANTIVIRUS/ MALWARE is an established facet. They probably record every root address it comes from; less where it goes to; unless relays are involved and both end up in the process as a loop/trojan host.Parsing private email content to deliver advertising, an 'agreed' but no reward process to the Gmail account user, but no-one else has given permission to read, copy or maintain access to those private communications. That simple?

Please provide the rationale for why if you send me an email, it should be illegal for me to contract with Google to do... well... whatever with it? If you sent me snail mail, it would certainly be legal for me to let anyone read it for any reason I want, whether I've read it first or not.

EDIT: I seem to have inherited a quoting problem. I think I fixed it, but I'm not positive I got it right.

Mail is sent to Post Office > Post Office reads address information and shuffles it off to Addressee

versus

Mail is sent to Post Office > Post Office reads entire letter, jots down Addressor's name, the Addressee's name, and all relevent facts about you it can glean from the letter and then shuffles it off to Addressee.

The comparison is nothing like that.

It's more like:

Mail is sent to a "mail sorting" service. The recipient has engaged their services to check each envelope, remove junk mail, and store a copy of each letter indefinitely. In exchange, they receive flyers, slipped into each envelope, based on the context of the letter.

Does the recipient have the right to use such a mail sorting service? Sure they do. Once it's mailed to them, it's their letter, and they can have whoever they want read it.

If this was just a mail forwarding service, your comparison would be valid, but Gmail does a whole lot more than just forward email. They filter it, store it, provide an interface for reading it, and in exchange, users agree to their Terms of Service.

There are services that do just this for snail mail. They'll take your mail, open it, digitize it, and archive the originals on your behalf. The sender has no way of knowing if you're using such a service. Is that wiretapping too? Or does wiretapping require a wire? Maybe it's espionage...

Also, where's the proof that Google is profiling the senders who never accepted Google's ToS for fun and profit? What would it take for people to be satisfied that the processing does not violate the sender's privacy? If Google was considered guilty of such wiretapping, what would the remedy be? Them leaving the email space entirely? They need to read emails to deliver them. They need to parse them to do SPAM filetring, sort them into labels, etc. They will build a profile of SPAMy senders, as is expected of them. So want would it take? A phrase in the privacy policy stating they don't profile sender's for commercial gain, whatever the heck that means?

Pretty standard for business owners or top executives to have people open all their mail for them.

I am not sure why some people are struggling with this. If the receiver chooses to have someone review their mail on their behalf they are free to do so. Email should be no different. The idea that you can send someone an email and dictate how they read it is simply crazy.

The idea that you can send someone an email and dictate how they read it is simply crazy.

I hereby demand that this message be read out loud in a high falsetto, while being pelted with grapes by naked stewardesses. If you are unwilling or unable to meet these conditions, your permission to read this message is revoked.

If you send an email to a Gmail server, I'm pretty sure there's implied consent there that the server can read and process the contents of that email.

The problem with that is when you don't know you're sending to an address that is serviced by Google. My domain is handled by Google, but is not an @gmail.com address.

Completely irrelevant.

As a sender of an email you relinquish control when you send it and the receiver is not required to tell you how they might process and read your email.

I still don't get people who think as a sender of an email they have a say in what the recipient does with it or who the recipient has process it for them.

It is very easy. The recipient of any email you send can do with it as they please. This includes hiring or contracting a company to parse it fifty ways to Sunday. Once you understand this you will not have to worry about what domain you are emailing.

If you send an email to a Gmail server, I'm pretty sure there's implied consent there that the server can read and process the contents of that email.

I can understand an argument being mounted about the privacy implications of Google's automatic profile-generation. But does that really constitute wiretapping, when the data was specifically transmitted to Google's mail servers in the first place? It seems a stretch to me.

I wouldn't agree there is implied consent.

Let's use the snail version for comparison.

Mail is sent to Post Office > Post Office reads address information and shuffles it off to Addressee

versus

Mail is sent to Post Office > Post Office reads entire letter, jots down Addressor's name, the Addressee's name, and all relevent facts about you it can glean from the letter and then shuffles it off to Addressee.

The data was sent to Google's servers as a relay to the end destination. Unauthorized interception at any point by any party without appropriate legal basis is wiretapping.

I suppose I should thank you because I was actually thinking this was a load of crap till I read your post and decided to question your assumptions.

If I paid the post office to do that for all the mail sent to me that would be all the consent needed and is what google is doing. Once again thinking the sender has any rights here is illogical.

If i use a mailbox store to get my mail then I hire someone to pick up my mail every day and throw out junk mail, forward my bills on to my accountant and pass on to me magazines and personal correspondence, the fact that you might have sent me a letter means nothing. You have no say in how I choose to process my mail or email. I contract with google to collect all my email and process it. I have them discard the junk, filter the rest into a hundred different folders and use the content of emails to provide me targeted ads. I have made this deal with google and I consent to it. I don't give a flying duck what you think about how I manage MY email when you send me something. Once you send it to me it is mine. I enlist google to help with processing and management. That is between me and google. It is nobody else's business, including the people who sent me the e-mail.

I don't really have an issue with Google scanning the emails that I've sent to their users, where I do start to have an issue is when they start building a profile of me, then on-selling MY details. I DID NOT consent to being sold, thank-you-very-much. If you want to on-sell MY details, I want the right of consent. Let's start with the implied right of dissent. Unless I explicitly grant you permission to use my details FOR ANYTHING, you do not have my permission. Otherwise, let's take this to the next level, shall we? If your baby is born in MY hospital, I have the right to do anything I want with it.

If you send an email to a Gmail server, I'm pretty sure there's implied consent there that the server can read and process the contents of that email.

The problem with that is when you don't know you're sending to an address that is serviced by Google. My domain is handled by Google, but is not an @gmail.com address.

Completely irrelevant.

As a sender of an email you relinquish control when you send it and the receiver is not required to tell you how they might process and read your email.

I still don't get people who think as a sender of an email they have a say in what the recipient does with it or who the recipient has process it for them.

It is very easy. The recipient of any email you send can do with it as they please. This includes hiring or contracting a company to parse it fifty ways to Sunday. Once you understand this you will not have to worry about what domain you are emailing.

Your post almost had me conviced of your point regarding non-Gmail users. However there is an added difficulty: the analogy with the mail sorting service didn't mention profiling. I give you the fact that when you send an email (just as when you send a letter) you have no expectation that the intended recipient will keep it private. Any expectation of privacy applies only to mail in transit, i.e. it cannot be opened or tampered with (with some legally justified exceptions that have already been mentioned).

However, *if* Google profiles non-Gmail users, which isn't clear to me at this point, then you have data protection laws come in. At least in the EU *any* collection and treatment of personal data regarding identified or identifiable persons *must* be authorized by the data subject. Depending on the type of data Google stores and processes (sender IP, sender email address, signature, etc.), it would fall clearly under EU data protection laws and would require express consent by the data subjects.

Meanwhile it doesn't really matter, because you handed off this email to someone to do with as they will. Maybe they stand up at the workplace and read each email they receive aloud. You might be able to get a copyright claim out of that (it would be tough, though), but no wiretap claim.

I don't really disagree, I just think it's a good time to put some kind of restrictions on this. Not specifically with Google, but it highlights that it's not just the recipient we need to worry about; if they choose to forward, delete etc. a mail then fine, I've essentially given them permission to do that. But we as senders have no idea what the companies in between are doing with those e-mails.

The recipients probably don't really know either; while most people will understand that the advertising pays for the "free" service, they're not likely to take the time to check whether Google promises to only use the e-mails for simple keyword matching, or whether it (or another company) might be merrily sending e-mails off to third parties for processing for various purposes. While users should be aware of these potential risks, I think it's a good time to make it clear that companies are responsible for informing users of any features that involve "reading" the content of their e-mails. This isn't necessarily a bad thing for the companies, as they can use it as an opportunity to highlight spam-filtering, virus scanning and to confirm that targeted advertising is used in a responsible way (i.e - it just grabs a handful of top keywords and picks ads based on those without recording anything).

I'm not sure I expect the suit to go anywhere, but it's yet another thing that highlights the vagaries of e-mail, and it is true after all that no-one really spends a lot of time considering the needs and wishes of the sender. It's yet another reason why we should be making S/MIME easier to setup and use, as Google can't read e-mails it can't open